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REMARKS 

Applicants have thoroughly considered the Examiner's remarks in the July 19, 2007 
Office action and have amended the application to more clearly set forth aspects of the invention. 
This Amendment A amends claims 1, 12, 15, 22, 30, 32, 34 and 35, and cancels claims 14, 16-18, 
21,24-29, 31, 33, 39 and 40. No new matter has been added. 

Claims 1-13-15, 19, 20, 23, 30, 32 and 34-38 are thus presented in the application for 
further examination. Reconsideration of the application as amended and in view of the following 
remarks is respectfully requested. 

As a preliminary matter, Applicants request the Examiner withdraw the first action 
or request that the next action is not made final. According to MPEP 904.03, "it is a 
prerequisite to a speedy and just determination of the issues involved in the examination of an 
application that a careful and comprehensive search, commensurate with the limitations 
appearing in the most detailed claims in the case, be made in preparing the first action on the 
merits so that the second action on the merits can be made final or the application allowed with 
no further searching other than to update the original search." Furthermore, MPEP 707.07(g) 
states that "piecemeal examination should be avoided as much as possible." In this case, the 
Examiner has failed explain how the subject matter included in both independent dependent 
claims of the application are made obvious or anticipated by the cited art. For example, 
independent claim 15 recites "storing first data on the client in response to allowing the user 
access to the first service, said first data identifying a first policy group associated with the 
first service." And, dependent claim 5 recites "wherein said first request indicates a desire of the 
first network server to provide the first service to the user, and wherein said receiving the first 
request comprises receiving the first request from a first network server via an image tag " and 
dependent claim 6 recites "wherein the first data and the second data are implemented as 
cookies stored on the client." Nowhere in the action does the Examiner even mention policy 
groups, image tags or cookies much less explain how they are anticipated or made obvious 
by the cited art. As such, Applicants ask the Examiner to withdraw the action or indicate that 
the unaddressed subject matter is allowable. 
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Claim Rejections Under 35 U.S.C. § 112 

Claims 30 - 34 stand rejected under 35 U. S.C. 1 12, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. Claims 30, 32 and 34 have been amended to recite "the stored 
information identifying the first policy group associated with the first service" and "the stored 
information identifying the second policy group associated with the second service." Thus, the 
rejection should be withdrawn. 

Claim Rejections Under 35 U.S.C. § 103 

Claims 1-34 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Venkataramappa (U.S. Pub. App. 2003/0188193, hereinafter Venkataramappa) in view of Zhang 
et al. (U.S. Pat. No. 7,036,142, hereinafter Zhang). Applicants respectfully disagree. 

Venkataramappa teaches a single sign-on authentication method where the client signs on 
to a first server and in response, the first server generates a ticket. (Page 3, paragraph 55). The 
first server keeps the ticket and generates and sends a token to the client. (Page 3, paragraph 56- 
Page 3, paragraph 57; FIG. 3). Next, the client connects to a second server and sends the token 
to the second server. (Page 4, paragraph 59). The second server requests the ticket from the first 
server and authenticates the client based on the token and the ticket. (Page 4, paragraph 60-62; 
FIG 3). 

Zhang teaches an authentication system where the client dials into a host computer and 
sends authentication information. (Column 6, lines 35-38; column 7, lines 16-18; FIG 5). An 
authentication server authenticates clients based on authentication information and notifies host 
server client is authenticated. (Column 7, lines 19-33). The gateway stores the IP address and 
authentication information and the client remains registered for duration of its logon session. 
(Column 7, lines 44-64). The host computer provides the client an IP address associated with a 
gateway. (Column 7, lines 64-66). And, the host system populates a dashboard with authorized 
services for the client. (Column 8, lines 2-7). 

Stanko teaches an authentication system where the client receives authentication 
challenge sent by authentication server when the client tries to access a service. (Page 5, 
paragraph 47). The client responds with credentials and if authenticated, the authentication 
sends the client a ticket. (Page 5, paragraph 48). The client sends a ticket including digital 
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signature and public key to the server and the server verifies signature using a private key. (Page 
4, paragraph 51). If the client is verified, the authentication server grants access to the service. 
(Page 4, paragraph 51). 
Claim 1 

In contrast, claim 1 as amended, recites: 

receiving a first request from the first network server to provide the first 
service to the user; 

storing first data on the client in response to the received first request, 
said first data identifying the first service wherein authentication of the user by 
the first service is optional ; 

allowing the user to access the first service without authenticating the user; 

receiving a second request from the second network server to provide the 
second service to the user wherein the second service requires authentication of 
the user; 

allowing the user access to the second service in response to the received 
second request wherein the user is authenticated for the second service in 
response to the received second request; and 

wherein, in response to the authentication of the user by the second 
request, the user is authenticated for the first service as a result of the stored 
first data. 

For example, the user navigates to a first selected service, namely, Service A, by using a 
browser of client computer system. (Page 19, paragraph 45). Within Service A, there may be 
web pages that the service administrator would prefer but does not require the user to be 
authenticated in order to grant the user access to these web pages. (Page 19, paragraph 46). In 
other words, these web pages "desire" authentication from the perspective of Service A but 
do not require it. (Page 19, paragraph 46). A "Desired Authentication" cookie (e.g., first data) 
is stored on the client when the user navigates to Service A to indicate that Service A would like 
to have the user authenticated, but does not require it. (Page 19, paragraph 48). The cookie is 
also used by Service A to indicate that Service A has already expressed a desire to authenticate 
the user. (Page 19, paragraph 49). 

Thereafter, the user uses the browser of client computer system to navigate to Service B, 
which requires the user to be authenticated because it provides personalized or premium content 
to the user. (Page 19, paragraph 50). As a result, Service B redirects the browser to an 
Authentication URL of central server and the Authentication URL prompts the user for his or her 
credentials. (Page 19, paragraph 50). The user submits his or her credentials to central server 
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and if the submitted credentials match an entry stored in database, then central server obtains a 
profile associated with the submitted credentials. (Page 19, paragraph 50). Additionally, the 
central server also sees that another site, namely, Service A, has expressed a desire to 
authenticate the user through the "Desired Authentication" cookie. (Page 19, paragraph 51). 
The "Desire Authentication" cookie issued by Service A is cleared so that when the user returns 
to Service A thereafter, Service A will "soft authenticate" the user. (Page 19, paragraph 51). 
Accordingly, central server authenticates the user for Service A the next time the user 
navigates to Service A. (Page 19, paragraph 55). 

Writing for the Supreme Court, Justice Anthony Kennedy observed that a patent claim is 
invalid for obviousness when the invention combines familiar elements according to known 
methods to produce no more than predictable results. KSR International Co. v. Teleflex, Inc. 
U.S., No. 04-1350, 4/30/07. However, in this rejection, neither the element of storing first data 
on the client in response to the received first request, said first data identifying the first 
service wherein authentication of the user by the first service is optional nor the result of in 
response to the authentication of the user by the second request, the user is authenticated 
for the first service as a result of the stored first data is found in the combined art. 

For at least these reasons, Applicants submit that cited references, alone or in 
combination, do not teach or make obvious each and every element of claim 1 . As such, the 
rejection of claim 1 under 35 U.S.C. § 103(a) should be removed. Additionally, claims 2-13 
depending from claim 1 are allowable for at least the same reasons as claim 1. Claims 22 and 35 
have been amended to include similar subject matter as claim 1 and are allowable for at least the 
same reasons as claim 1. Claims 23 and 36-38 depend from claims 22 and 35. respectively, and 
are allowable for at least the same reasons as claims 22 and 35 

Claim 15 

Claim 15, as amended, recites: 

receiving a first request from the first network server to provide the 
first service to the user wherein the first service requires authentication of 
the user; 

authenticating the user for the first service in response to the received first 
request; 

allowing the user access to the first service in response to the received first 
request; 
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storing first data on the client in response to allowing the user access 
to the first service, said first data identifying a first policy group associated 
with the first service, said first policy group having a shared set of business 
rules to restrict authentication of a user across different domains; 

receiving a second request from the second network server to provide the 
second service to the user wherein authentication of the user by the second service 
is optional; 

if the second service is associated with the first policy group identified 
by the stored first data, allowing the user access to the second service in 
response to the received second request wherein the user is authenticated for 
the second service in response to the received second request; and 

if the second service is not associated with the first policy group 
identified by the stored first data: 

updating the stored first data to identify the second service; 

and 

allowing the unauthenticated user to access the second service. 

For example, the user uses the browser of client computer system to navigate to Service 
B, which requires the user to be authenticated because it provides personalized or premium 
content to the user. (Page 29, paragraph 65). As a result, Service B redirects the browser to an 
Authentication URL of central server and the Authentication URL prompts the user for his or her 
credentials. (Pages 29-30, paragraph 65). The user submits his or her credentials to central 
server and if the submitted credentials match an entry stored in database, then central server 
obtains a profile associated with the submitted credentials. (Page 30, paragraph 66). 
Additionally, the central server may record the policy group of Service B (Policy Group P) 
in a "Visited Sites" cookie on the client. (Page 30, paragraph 66). 

Thereafter, the user navigates to a first selected service, namely, Service A which belongs 
to the same policy group as Service B. (Page 31, paragraph 68). Within Service A, there may be 
web pages that the service administrator would prefer but does not require the user to be 
authenticated in order to grant the user access to these web pages. (Page 29, paragraph 64). 
Since the user has already signed in to a site within Policy Group P, namely Service B, central 
server will automatically sign in the user to Service A, and an encrypted authentication ticket and 
profile information of the user will be communicated to Service A. (Page 29, paragraph 68). 

Writing for the Supreme Court, Justice Anthony Kennedy observed that a patent claim is 
invalid for obviousness when the invention combines familiar elements according to known 
methods to produce no more than predictable results. KSR International Co. v. Teleflex, Inc. 
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U.S., No. 04-1350, 4/30/07. However, in this rejection, neither the element of storing first data 
on the client in response to allowing the user access to the first service, said first data 
identifying a first policy group associated with the first service, nor the result of if the 
second service is associated with the first policy group identified by the stored first data, 
allowing the user access to the second service in response to the received second request 
wherein the user is authenticated for the second service in response to the received second 
request is found in the combined art. 

For at least these reasons, Applicants submit that cited references, alone or in 
combination, do not teach or make obvious each and every element of claim 15. As such, the 
rejection of claim 15 under 35 U.S.C. § 103(a) should be removed. Additionally, claims 19 and 
20 depending from claim 15 are allowable for at least the same reasons as claim 15. Claim 30 
has been amended to include similar subject matter as claim 15 and is allowable for at least the 
same reasons as claim 15. Claims 32 and 34 depend from claim 30 and are allowable for at least 
the same reasons as claim 30. 

Claims 35 -40 stand rejected under35 USC 103 (a) as being obvious over 
Venkataramappa in view of Stanko (U.S. Pub. App. 2005/0074126). For the reasons stated 
above, Applicants submit that cited references, alone or in combination, do not teach or make 
obvious each and every element of claim 30 such as "if the second policy group identified by 
the stored information identifying the second policy group associated with the second 
service is the same as the first policy group identified by the stored first data, the central 
server is configured to allow the user access to the second service in response to the 
received second request wherein the user is authenticated by the central server for the 
second service in response to the received second request." As such, the rejection of claim 35 
under 35 U.S.C. § 103(a) should be removed. Additionally, claims 36-38 depending from claim 
35 are allowable for at least the same reasons as claim 35. 

Conclusion 

Applicants submit that the claims are allowable for at least the reasons set forth herein. 
Applicants thus respectfully submit that the claims as presented are in condition for allowance 
and respectfully request favorable reconsideration of this application. 
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Although the prior art made of record and not relied upon may be considered pertinent to 
the disclosure, none of these references anticipates or makes obvious the recited aspects of the 
invention. The fact that Applicants may not have specifically traversed any particular assertion 
by the Office should not be construed as indicating Applicants' agreement therewith. 

Applicants wish to expedite prosecution of this application. If the Examiner deems 
the application to not be in condition for allowance, the Examiner is invited and 
encouraged to telephone the undersigned to discuss making an Examiner's amendment to 
place the application in condition for allowance. 

The Commissioner is hereby authorized to charge any deficiency or overpayment of any 
required fee during the entire pendency of this application to Deposit Account No. 19-1345. 

Respectfully submitted, 
/Frank R. Agovino/ 

Frank R. Agovino, Reg. No. 27,416 

SENNIGER POWERS 

One Metropolitan Square, 16th Floor 

St. Louis, Missouri 63102 

(314) 231-5400 

FRA/BAW/cjl 



